TRENDnet TEW-652BRP 3.04b01 Web Management Interface get_set.ccp nextPage cross site scripting

Una vulnerabilidad fue encontrada en TRENDnet TEW-652BRP 3.04b01 y clasificada como problemática. Una función desconocida del archivo get_set.ccp del componente Web Management Interface es afectada por esta vulnerabilidad. Por la manipulación del parámetro nextPage de un input desconocido se causa una vulnerabilidad de clase cross site scripting. La vulnerabilidad es identificada como CVE-2023-0639. El ataque se puede efectuar a través de la red. Los detalles técnicos son conocidos. Fue declarado como proof-of-concept. Una solución posible ha sido publicada antes y no simplemente después de la publicación de la vulnerabilidad.

Campo	2023-02-02 09:15	2023-03-01 16:47	2023-03-01 16:54
vendor	TRENDnet	TRENDnet	TRENDnet
name	TEW-652BRP	TEW-652BRP	TEW-652BRP
version	3.04b01	3.04b01	3.04b01
component	Web Management Interface	Web Management Interface	Web Management Interface
file	get_set.ccp	get_set.ccp	get_set.ccp
argument	nextPage	nextPage	nextPage
cwe	79 (cross site scripting)	79 (cross site scripting)	79 (cross site scripting)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	H	H	H
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
availability	1	1	1
cve	CVE-2023-0639	CVE-2023-0639	CVE-2023-0639
responsible	VulDB	VulDB	VulDB
date	1675292400 (2023-02-02)	1675292400 (2023-02-02)	1675292400 (2023-02-02)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	M	M	M
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	3.3	3.3	3.3
cvss2_vuldb_tempscore	2.8	2.8	2.8
cvss3_vuldb_basescore	2.4	2.4	2.4
cvss3_vuldb_tempscore	2.2	2.2	2.2
cvss3_meta_basescore	2.4	2.4	3.6
cvss3_meta_tempscore	2.2	2.2	3.6
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1675292400 (2023-02-02)	1675292400 (2023-02-02)
cve_nvd_summary		A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019.	A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			M
cvss2_nvd_ci			N
cvss2_nvd_ii			P
cvss2_nvd_ai			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			H
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss2_nvd_basescore			3.3
cvss3_nvd_basescore			6.1
cvss3_cna_basescore			2.4

◂ Anterior Visión De Conjunto Próximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!